1. Forum
  2. Usenet
  3. ALT.COMP.OS.WINDOWS-8

  • BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8

    From Arlen Holder@21:1/5 to All on Thu Jul 30 05:44:17 2020
    XPost: alt.comp.os.windows-10, alt.os.linux

    Dateline today, verbatim...
    "Security researchers at Eclypsium discovered a vulnerability that
    affects the bootloader used by 'virtually every' Linux system,
    and almost every Windows device using Secure Boot with Microsoft's
    standard Unified Extensible Firmware Interface (UEFI) certificate
    authority."

    o *BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10*
    <https://www.forbes.com/sites/daveywinder/2020/07/29/boothole-secure-boot-threat-confirmed-in-most-every-linux-distro-windows-8-and-10-microsoft-ubuntu-redhat-suse-debian-citrix-oracle-vmware/>

    "CVE-2020-10713, dubbed BootHole, has a high CVSS rating of 8.2
    and sits in the default GRand Unified Bootloader 2 (GRUB2)
    but affects systems running Secure Boot even if they are not
    using GRUB2.

    If successfully exploited, BootHole opens up Windows and Linux devices
    to arbitrary code execution during the boot process, even when Secure
    Boot is enabled. Meaning an attacker could gain persistence for
    stealthily installed malware and give them, "near-total control"
    over the device, according to Eclypsium."
    --
    Together we can keep ourselves informed of the latest news on our OS.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrei Z.@21:1/5 to Arlen Holder on Thu Jul 30 09:00:37 2020
    XPost: alt.comp.os.windows-10, alt.os.linux

    Arlen Holder wrote:
    Dateline today, verbatim...
    "Security researchers at Eclypsium discovered a vulnerability that
    affects the bootloader used by 'virtually every' Linux system,
    and almost every Windows device using Secure Boot with Microsoft's
    standard Unified Extensible Firmware Interface (UEFI) certificate
    authority."

    o *BootHole Secure Boot Threat Found In Most Every Linux Distro, Windows 8 And 10*
    <https://www.forbes.com/sites/daveywinder/2020/07/29/boothole-secure-boot-threat-confirmed-in-most-every-linux-distro-windows-8-and-10-microsoft-ubuntu-redhat-suse-debian-citrix-oracle-vmware/>

    "CVE-2020-10713, dubbed BootHole, has a high CVSS rating of 8.2
    and sits in the default GRand Unified Bootloader 2 (GRUB2)
    but affects systems running Secure Boot even if they are not
    using GRUB2.

    If successfully exploited, BootHole opens up Windows and Linux devices
    to arbitrary code execution during the boot process, even when Secure
    Boot is enabled. Meaning an attacker could gain persistence for
    stealthily installed malware and give them, "near-total control"
    over the device, according to Eclypsium."


    "multiple secure boot grub2 and linux kernel vulnerabilities" - oss-security https://www.openwall.com/lists/oss-security/2020/07/29/3

    "Mitigating BootHole ..." - Ubuntu https://ubuntu.com//blog/mitigating-boothole-theres-a-hole-in-the-boot-cve-2020-10713-and-related-vulnerabilities

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)